Abstract of JP2002300150

PROBLEM TO BE SOLVED: To solve the problem that it is impossible to confirm whether or not a key is surely generated in an IC card in the case that the key is generated online for the IC card via a network.

SOLUTION: First, an IC card stores a secret key SK1 and a public key PK1, and stores a public key certificate C generated by a credible 3rd party for the public key PK1. Upon receipt of a key generating command, the IC card generates a new secret key SK2 and a new public key PK2, uses the secret key SK1 corresponding to the public key PK1 of the public key certificate C to provide an electronic signature S to the newly generated public key PK2, and outputs the public key PK2 together with the public key certificate C. Verifying the public key certificate C and the electronic signature S can confirm that the newly generated public key PK2 is generated in the IC card.
[Claim(s)]

[Claim 1] A key generation method for an IC card, characterized in that: the IC card stores a secret key and a public key beforehand, and stores public key certification information generated for this public key by a 3rd person who can be trusted; at the time of reception of a key generation command, the IC card generates a new secret key and a new public key, gives an electronic signature to the newly generated public key with the secret key corresponding to the public key of said public key certification information, and outputs it together with said public key certification information; and by verifying said public key certification information and said electronic signature, it can be checked that the newly generated public key was generated within the IC card.
[Claim 2] The IC card key generation method according to claim 1, characterized by including the signature candidate key algorithm version information, a serial number, a signer signature algorithm, Signer ID, the term of validity, and for [ ID ] a signature, a signature candidate key, and a signer signature in said public key certification information.

[Claim 3] A key generative system for an IC card, characterized in that: the IC card has a means to store a secret key and a public key and to store public key certification information generated for this public key by reliable 3rd person equipment, a means to answer a key generation command and generate a new secret key and a new public key, a means to generate an electronic signature with the secret key corresponding to the public key of said public key certification information, and a means to give this electronic signature to the newly generated public key and output it together with said public key certification information; the 3rd person equipment has a means to generate said public key certification information; and verification person equipment has a means to verify said public key certification information and said electronic signature and thereby check that the newly generated public key was generated within the IC card.

[Claim 4] The key generative system of the IC card according to claim 3, characterized by including the signature candidate key algorithm version information, a serial number, a signer signature algorithm, Signer ID, the term of validity, and for [ ID ] a signature, a signature candidate key, and a signer signature in said public key certification information.



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to the key generation method of an IC card, especially the method of generating on-line through a network, and a system.

[0002] 

[Description of the Prior Art] In recent years, as a new information storage medium which replaces the magnetic card in finance, communication, traffic, the public sector, the medical field, etc., IC card systems have appeared which use an IC card, which is secure and has a large storage capacity, carry two or more applications on it, and provide two or more services. Moreover, systems which can download a desired application if needed have appeared.

[0003] In such an IC card system, cryptography is used in order to authenticate the card and the applications in the IC card, and the key for it is stored or generated at the time of issue. In such an IC card system, [...] within an IC card at the time of online distribution of an application, online renewal of a key, etc. is [...]. Conventionally, for this new key, a key generation command was sent to the IC card from card issuing person equipment or service provider equipment, and the key was generated within the IC card; for example, when it was a key of a public key cryptosystem, the secret key and the public key were generated within the IC card, and only the public key information was output.
[0004] 

[Problem to be solved by the invention] However, when key generation is performed on-line through a network on a remote IC card, it cannot be checked whether the key generation has really been performed within the IC card, so neither legitimate distribution of an application nor legitimate renewal of a key was guaranteed. For example, there was the problem that a dishonest actor could do **** of the IC card with a personal computer etc., generate a fake key, and receive distribution of an application illegitimately.
[0005] 

[Means for solving the problem] In the key generation method of the IC card of this invention, an IC card stores a secret key and a public key beforehand, and stores the public key certification information generated for this public key by a 3rd person who can be trusted, for example, a card issuing person. At the time of reception of a key generation command, the IC card generates a new secret key and a new public key, gives an electronic signature to the newly generated public key with the secret key corresponding to the public key of said public key certification information, and outputs it together with said public key certification information. The method is characterized in that, by verifying said public key certification information and said signature, it can be checked that the newly generated public key was generated within the IC card.

In the key generative system of the IC card of this invention, the IC card has a means to store a secret key and a public key and to store the public key certification information generated for this public key by reliable 3rd person equipment, a means to answer a key generation command and generate a new secret key and a new public key, a means to generate an electronic signature with the secret key corresponding to the public key of said public key certification information, and a means to give this electronic signature to the newly generated public key and output it together with said public key certification information. The system is characterized by having a means by which the 3rd person equipment generates said public key certification information, and a means by which verification person equipment verifies said public key certification information and said electronic signature and checks that the newly generated public key was generated within the IC card.

[0006]

[Mode for carrying out the invention] With reference to the drawings, the online IC card key generation method of this invention is explained below by way of a work example. Drawing 1 is the block diagram of the online IC card key generative system by this invention, drawing 2 A shows the procedure at the time of the card issuing of the online IC card key generation method of this invention, and drawing 2 B shows the key generation and verification procedure.

[0007] In the online IC card key generation method of this invention, as shown in drawing 2 A, at the time of issue of IC card 1, IC card 1 generates and stores the key for authentication (here, secret key SK1 and public key PK1) beforehand in the key generation section 11 in the card, and sends only the public key to card issuing person equipment 2. In addition, a secret key SK1 and public key PK1 generated by the card issuing person equipment can also be stored in IC card 1. In card issuing person equipment 2, the key registration section 21 registers the public key PK1 that has been sent, and the certificate generation section 22 gives a signature of the card issuing person to it and generates the certificate C proving that this public key is legitimate. Specifically, public key PK1 of the IC card is enciphered with the publisher's secret key SKI to generate an electronic signature, the signature is attached to public key PK1 to generate the public key certificate C of PK1, and this is sent to IC card 1. IC card 1 stores it in the certificate storing section 12.

[0008] Next, at the time of online distribution of an application, or renewal of a key, as shown in drawing 2 B, verification person equipment (for example, service provider equipment) 3 sends a key generation command to IC card 1 through a network 4. IC card 1 answers this command and generates a new key (here, public key PK2 and secret key SK2) in the key generation section 11; the signature generating section 13 then generates the electronic signature S using secret key SK1 stored in the card and gives it to the newly generated public key PK2. Specifically, the newly generated public key PK2 is enciphered by secret key SK1, and the electronic signature S is generated. Subsequently, Certificate C is read from the certificate storing section 12, and this certificate C is transmitted to verification person equipment 3 together with the public key PK2 and the electronic signature S which were newly generated. Verification person equipment 3 receives the newly generated public key PK2, the electronic signature S, and Certificate C, and the certificate verification section 31 verifies Certificate C and the electronic signature S. That is, Certificate C is decrypted with the publisher's public key PKI, the registered public key PK1 of the IC card is taken out from Certificate C, and next the electronic signature S is decrypted by this public key PK1 and the newly generated public key PK2 is taken out. Thus, public key PK2, verified by the public key PK1 of IC card 1 that Certificate C proved to be legitimate, is certain to have been generated by IC card 1.
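
The issuance and verification procedure of [0007] and [0008], as an added Python example that is not part of the patent text. The patent names no signature algorithm, so unpadded textbook RSA over SHA-256 with a Fermat primality test stands in for it as a toy (not fit for real use); all function, class and variable names are assumptions.

```python
import hashlib, secrets

def _prime(bits):  # random probable prime; base-2 Fermat test, toy use only
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if pow(2, c - 1, c) == 1:
            return c

def keygen(bits=512, e=65537):
    """Toy textbook-RSA key pair: (secret (n, d), public (n, e))."""
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so gcd(e, phi) == 1
            return (p * q, pow(e, -1, phi)), (p * q, e)

def _h(value, n):  # SHA-256 of repr(value), reduced mod n (unpadded toy scheme)
    return int.from_bytes(hashlib.sha256(repr(value).encode()).digest(), "big") % n

def sign(sk, value):
    return pow(_h(value, sk[0]), sk[1], sk[0])
def verify(pk, value, sig):
    return pow(sig, pk[1], pk[0]) == _h(value, pk[0])

class ICCard:
    def __init__(self):
        self._sk1, self.pk1 = keygen()  # SK1/PK1 made on the card at issuance
        self.cert = None                # certificate C, written by the issuer
    def generate_key(self):
        """Key generation command: output PK2, S and C; SK2 stays on the card."""
        self._sk2, pk2 = keygen()
        return pk2, sign(self._sk1, pk2), self.cert

def issue(issuer_sk, card):  # issuer signs PK1 and stores C on the card
    card.cert = (card.pk1, sign(issuer_sk, card.pk1))

def verifier_accepts(issuer_pk, pk2, s, cert):
    """Verify C with the issuer key, then S over PK2 with the PK1 from C."""
    pk1, issuer_sig = cert
    return verify(issuer_pk, pk1, issuer_sig) and verify(pk1, pk2, s)

def demo():
    issuer_sk, issuer_pk = keygen()
    card = ICCard()
    issue(issuer_sk, card)
    pk2, s, c = card.generate_key()
    pc_sk, pc_pk = keygen()             # key made off-card, sent with a copied C
    return (verifier_accepts(issuer_pk, pk2, s, c),
            verifier_accepts(issuer_pk, pc_pk, sign(pc_sk, pc_pk), c))
```

`demo()` returns one result for the key generated on the card and one for a key generated on a personal computer and presented with a copy of C; the second fails because S must verify under the PK1 bound into C.
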
[0009] In addition, although the public key certificate which proves the legitimacy of public key PK1 is used as public key certification information in the above-mentioned work example, the signature candidate key algorithm version information, a serial number, a signer signature algorithm, Signer ID, the term of validity, and for [ ID ] a signature, a signature candidate key, and the thing proving a signer signature can be used as public key certification information.
[0010] 

[Effect of the Invention] According to the method and equipment of this invention described above, it can be confirmed that the key generated or updated online was really generated in an IC card. Therefore, it becomes possible to perform key generation for online distribution of an application and online renewal of a key.



[Brief Description of the Drawings] 

[Drawing 1] It is the block diagram of the online IC card key generative system by this invention. 
[Drawing 2] A is the figure showing the procedure at the time of the card issuing of the online IC card key 
generation method of this invention, and B is the figure showing the procedure in key generation and verification. 
[Explanations of letters or numerals] 

1 IC Card
2 Card Issuing Person Equipment
3 Verification Person Equipment
11 Key Generation Section
12 Certificate Storing Section
13 Signature Generating Section
21 Key Registration Section
22 Certificate Generation Section
31 Certificate Verification Section
[Drawing 2]